Data Protection Incidents and Fines: Lessons Learned

Slide Note
Embed
Share

Learn from real-life data protection scenarios that led to fines and breaches, such as improper data handling with USB devices, confidential files ending up in public recycling, misdirected emails of sensitive data, and unsecured mobile devices leading to theft. Understand the consequences and best practices to prevent such incidents in handling personal and sensitive data.

ramsay
ramsay Follow

Uploaded on Jul 31, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Data Protection Scenarios

  2. Moving Data You have a list of subscribers information that you need to move to another computer in the office: You ve decided to use a USB device to do this When you re finished you put the USB device in you pocket What s wrong with this Scenario? North East Lincolnshire Council was find 80,000 after a serious data breach of sensitive information of hundreds of children with special educational needs was lost. The information was stored on an unencrypted memory stick and went missing.

  3. Confidential Destruction You have a large bag of confidential material, finance papers, etc You are trying to save on your budget and decide to put these files into the normal recycle bag You then take this to the local on-street recycling collection point You find out later that some former employees pension records have been posted on-line In 2012 Scottish Borders Council where fined 250,000 when these records where found in a supermarket car park

  4. Sending Personal Data by email You have a list of personal & sensitive data of your best donators and how much they have donated to your cause but they have requested anonymity You need to send the list to the Finance Officer But you forget you were also in the process of sending out a circular to every one on you mailing list You hit send and the personal sensitive data has been sent to everyone on the mailing list Discuss Surrey County Council was fined 120,000 after three data breaches, involving misdirected emails.

  5. Mobile device You use your phone to pick up email It s not password protected You don t use the Outlook app (which is recommended by BCOS) You phone is stolen What can we do to be safe?

  6. Mobile Device (2) You need to take your laptop to a conference to do a presentation It has the data base of all the people going on a Pilgrimage to Lourdes in a few weeks with all their medical data, but you need to work on this when you re on the move You leave your laptop on the train Discuss Glasgow City Council was fined 150,000 for the loss of two unencrypted laptops

  7. Mobile Device (3) You have contacts on your smartphone You pair this with your car s Bluetooth handsfree You put your car in for service. Who has access to the contacts? Discuss In our own case the contacts are downloaded from the phone each time we connect and are not accessible from the car handsfree without the phone being present. In other makes/models of car the contacts are stored in the handsfree unit, so would be accessible to a service mechanic.

  8. Theft of Data You are a Voluntary Youth Centre and have vulnerable young people passing through. You have 3 desktop computers, one of which you use to share information with the local council and the with other social services. Nothing has been deleted from the PC in over 5 year's. It is password protected XYZ123 which is also located on a post-it note inside the desk drawer. Its never been changed. The Centre is broken into and the desktops are all stolen Identify and discuss any Data Protection issues

  9. Theft of Data (2) Organisational and Technical Security of Personal data Retention of Personal data Keeping data longer than needed Data Sharing - there was no agreement in place between the Council and the Centre Password Keep it safe in your head Lack of Technical Security - there is no obligation to encrypt desktop computers, but it helps Training of staff

Related


Understanding Fines, Penalty Notices, and Your Options

Understanding Fines, Penalty Notices, and Your Options

adr_mas
Enforcing EEA Competition Law in Iceland: Fines and Actions

Enforcing EEA Competition Law in Iceland: Fines and Actions

ibail
Competition and Consumer Protection Commission: Remedies, Fines, and Guidelines

Competition and Consumer Protection Commission: Remedies, Fines, and Guidelines

poitras_k
Understanding the Impact of the Criminal and Traffic Assessment Act

Understanding the Impact of the Criminal and Traffic Assessment Act

coil_a
Understanding Cat Fines in Marine Fuel Oil Contamination

Understanding Cat Fines in Marine Fuel Oil Contamination

christal
Driver's License Suspension in the U.S.: Impact on Employment and Fines

Driver's License Suspension in the U.S.: Impact on Employment and Fines

noah_130
Update on Hazing Incidents in Schools: Consequences and Lessons

Update on Hazing Incidents in Schools: Consequences and Lessons

sorenson_r
Understanding the European Union General Data Protection Regulation (GDPR)

Understanding the European Union General Data Protection Regulation (GDPR)

itrel
Overview of Data Protection Regulations and Compliance Framework

Overview of Data Protection Regulations and Compliance Framework

doslu
Preparing for EU General Data Protection Regulation with Revd. Mark James

Preparing for EU General Data Protection Regulation with Revd. Mark James

mercer
Understanding the General Data Protection Regulation (GDPR) and Data Protection Bill

Understanding the General Data Protection Regulation (GDPR) and Data Protection Bill

helena
The Digital Personal Data Protection Act 2023

The Digital Personal Data Protection Act 2023

edelweiss
Federal Aviation Administration Implementation Lessons Learned

Federal Aviation Administration Implementation Lessons Learned

ryland
ESInets Lessons Learned Project Overview

ESInets Lessons Learned Project Overview

rfuge
Understanding Acquired Traits and Learned Behaviors in Living Organisms

Understanding Acquired Traits and Learned Behaviors in Living Organisms

ryann
Analysis of Assault Incidents in Relation to Police Officers

Analysis of Assault Incidents in Relation to Police Officers

lisette
Understanding Data Protection Regulations and Definitions

Understanding Data Protection Regulations and Definitions

nicholes_p
Lessons and Practices from Workplace Violence Incidents

Lessons and Practices from Workplace Violence Incidents

mbrey
Offshore Health and Safety Executive Report on Dropped Objects Incidents in 2015

Offshore Health and Safety Executive Report on Dropped Objects Incidents in 2015

most_lis
Clinical Incidents and Complaints: Understanding, Management, and Prevention

Clinical Incidents and Complaints: Understanding, Management, and Prevention

lyric
Reporting Accidents and Incidents at Work: Understanding RIDDOR Regulations 2013

Reporting Accidents and Incidents at Work: Understanding RIDDOR Regulations 2013

max_cu
Addressing Bias-Related Incidents at Concordia University

Addressing Bias-Related Incidents at Concordia University

michal_m
Clinical Incidents, Complaints, and Learning Objectives in Healthcare

Clinical Incidents, Complaints, and Learning Objectives in Healthcare

liao_ira
Process Safety Incidents and Prevention Best Practices

Process Safety Incidents and Prevention Best Practices

oran

More Related Content